Search
Protect Act
research
forensics

PUBLICATIONS

The following is a list of publications related to the research projects of the lab. Click on a paper's keywords to see other papers with matching keywords.

Click here to go back to seeing all lab publications.


  • @mastersthesis{Walls:2009,
    Abstract = {Covert timing channels provide a way to surreptitiously leak information from an entity in a higher-security level to an entity in a lower level. The difficulty of detecting or eliminating such channels makes them a desirable choice for adversaries that value stealth over throughput. When one considers the possibility of such channels transmitting information across network boundaries, the threat becomes even more acute. A promising technique for detecting covert timing channels focuses on using entropy-based tests. This method is able to reliably detect known covert timing channels by using a combination of entropy and conditional entropy to detect anomalies in shape and regularity, respectively. This dual approach is intended to make entropy-based detection robust against both current and future channels. In this work, we show that entropy-based detection can be defeated by a channel that intelligently manipulates the metrics used for detection. Specifically, we propose a new covert channel that uses a portion of the inter-packet delays in a compromised stream to smooth out the distortions detected by the entropy test. Our experimental results suggest that this channel can successfully evade entropy-based detection and other known tests while maintaining reasonable throughput. Furthermore, we investigate the effects of parameter selection on the channel. We introduce a model for analyzing the effect of our techniques on the entropy of the channel and empirically investigate the accuracy of the model.},
    Author = { Robert Walls},
    Keywords = {anonymity},
    School = {The University of Texas at Arlington},
    Title = {{Liquid: A detection-resistant covert timing channel based on IPD shaping}},
    Year = {2009}}

    [link]

  • Top Back to top

    HOME | PUBLICATIONS | RESEARCH | SPONSORS | IN THE NEWS | CONTACT